Network as a Service Model in Cloud
Authentication by HMAC Algorithm
Bommala Harikrishna
Ph.D Full Time Research Scholar, Research ID: M-7489-2017
Department of Computer Science and Engineering, YSR Engineering College of Yogi Vemana University Proddatur Kadapa, Andhra Pradesh, India- 516360
Email: [email protected]
Dr. S. Kiran
Assistant Professor, Department of Computer Science and Engineering, YSR Engineering College of Yogi Vemana University Proddatur Kadapa, Andhra Pradesh, India- 516360
Email: rkirans125@gmail.com
K. Mani Deep
Assistant Professor, Department of Computer Science and Engineering, Bapatla Engineering College, Bapatla, AP, India- 522101
Email: [email protected]
ABSTRACT
The cloud is an internet-based, pay-as-you-use technology built on resource pooling, and it now rules the IT field. At present every organization trusts the web; however, the information must flow rather than be held. Therefore, all customers have to use the cloud, and the cloud processes information using security protocols. Third parties can observe and, in certain circumstances, directly steal packets in flow and packets kept in the virtual private cloud. According to global security statistics for the year 2017, hacking of sensitive information in the cloud was approximately 75.35%, and world security analysts said this figure may reach 100%. For this reason, the proposed research work concentrates on Authentication-Message-Digest-Key authentication for routing Network as a Service packets in OSPF (Open Shortest Path First), implemented in a Cloud with GNS3 and tested for securing them from attackers.
Keywords – Authentication, Attacks, Cloud, Cryptography, Protocols, Router, Security
Date of Submission: March 05, 2018 Date of Acceptance: March 23, 2018
I. INTRODUCTION
In the year 2009, IT commercial organizations announced that Cloud was in second place. The role of IT industries has been to sustain data centers and cloud infrastructures for rendering services, like Digital Ocean, Amazon Web Service, Yard, Wireshark, and Microsoft Azure. Data centers deliver utility computing and software services through the internet, and application services are accessed over the internet. Hardware as a Service (HaaS) refers to a virtual provider of computing assets such as OSs, networking, infrastructure, virtualization technology, and [2] storage services. The foremost IaaS service provider is AWS. This service can be viewed as the fundamental layer for the other two services, PaaS and SaaS. In Application as a Service (SaaS), buyers or customers rent software hosted by the service provider. It is web based and paid for by installment [6]. If providers started using the virtual private cloud network (VPCN) for communication [3]. IT infrastructures such as the spread of wired/wireless broadcasting networks, moreover [6] the variety of toolsets, high speed, and the scope of free software and so on. The customer is faced with problems of authentication in the cloud service model of Authentication as a Service [9].
Fig 1: Cloud Computing
Bunches of components and devices have recently been connected, yet we are confronting numerous sorts of issues
privacy info after, providers give customer ID for identification, and method for authentication for customer authentication finished for registration done. When a client uses the service, the authentication and ID of the client are requested. AaaS is maintained by strong authentication, but in some ways the authentication process can be hacked by a hacker; for that reason AaaS, as one part of PaaS, maintains safe techniques like PSWD, MFA (Multi-Factor-Authentication), CAPKI (Crypto-Authentication-Public-Key-Infrastructure), SOO (Sign-On-One), OTP (One-Time-Password) and SBMM (Scan-Bar-Code-Mobile-Method).
2.1 Weakness of Authentication as a Service in Cloud:
PSWD: PSWD, which is nothing but a password, is one kind of Authentication as a Service. Nowadays electronic devices maintain a password for security. In some situations this is a complication, and the password has to be renewed immediately for security reasons.
MFA: Multi-Factor-Authentication is a kind of Authentication as a Service. MFA combines different methods like password, iris, OTP, certificate and biometrics.
CAPKI: Crypto-Authentication-Public-Key-Infrastructure is one kind of Authentication as a Service. It is based on a certificate to authenticate a third party, but does not share the safe info. Management and inspection on the client side are not possible with CAPKI.
SOO: Sign-On-One is a kind of Authentication as a Service. If any one application is authenticated, then access is asserted to the other side.
MTM: The Mobile Trusted Module is proposed by the TCG (Samsung, Nokia, Ericsson etc.) and is based on SIM authentication for smartphones.
to valid requests. A DoS assault originates from a single tool.
Distributed Attacks: In the past, recoveries had been limited to the processing power of only one machine. It has to calculate the power of the machine by using DNA and around the globe to decrypt passwords.
Close in Attacks: One kind of close-in attack is the social engineering attack, wherein the attacker uses information about other persons and attempts to take advantage of them by sending an e-mail or telephoning, and tries to acquire confidential facts [18] about their bank accounts and so forth. In close-in attacks, the attacker tries to gain data from physical entities or network components by getting physically near.
DDoS Attacks: Now and again security specialists can target command and control computer systems inside a botnet, disrupting operations. But identifying command and control devices takes time. Even if those are recognized and then eliminated, some botnets are designed to slip off regarding a failed command [19].
III. ARCHITECTURE FOR CLOUD WITH GNS3
Fig 2: Cloud with GNS3
In the cloud, applications are based on the internet network, so networking is configured with an IPv4 address in the local system [16]. That IP address is configured within the Cloud. The business market has many simulation routers, and GNS3 provides routers like 1720, 1710, 2660, 3675 and 7200 and so on. A unique ideal number is generated each time in a router for every user [13]. The GNS3 connection with the cloud is based upon the IP address with the port number and the configured router. Each router is opened by using the PuTTY software.
3.1 Message Digest Key Authentication Routing Authentication:
The MD-5 cryptographic key algorithm is used for security against attackers. The MD-5 algorithm partitions the input into modules (blocks), each with an input block size of 512 bits. At the end of the last block, 64 bits are joined; these 64 bits are used to record the length of the genuine input data. If the last block is less than 512 bits, some extra bits are 'padded' to the end. Each block contains sixteen words of 32 bits each [11]. These are represented as A0, A1, A2, A3, …, A15.
The buffer, which is part of MD-5, consists of 4 words, each 32 bits long. They are listed below:
i. ONE: 01 23 45 67 (A)
ii. TWO: 89 ab cd ef (B)
iii. THREE: fe dc ba 98 (C)
iv. FOUR: 76 54 32 10 (D)
MD-5 maintains a table T, calculated with the trigonometric sine function, for use in the later operations.
$T_j = \mathrm{abs}(\sin(j + 1)) \times 2^{32}$. We consider 'T' to have 64 elements. Element number j is indicated as $T_j$.
AUXILIARY OF MESSAGE DIGEST KEY AUTHENTICATION ROUTING AUTHENTICATION:
The auxiliary functions apply the logical operators or, not, and, xor to the input data. Each function takes three 32-bit words and gives one 32-bit word as output.
P(L,M,N) = (L and M) or (not(L) and N) (F)
Q(L,M,N) = (L and N) or (M and not(N)) (G)
R(L,M,N) = L xor M xor N (H)
S(L,M,N) = M xor (L or not(N)) (I)
MD-5 has four rounds, each comprising 16 operations; below is one operation.
There are four rounds, each involving 16 basic operations.
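The description above (512-bit blocks with a 64-bit length field, the buffer words A to D, the table T and the functions P, Q, R, S) can be assembled into a working MD-5. This is an added example, not the authors' code; the rotation amounts and message-word order come from RFC 1321 because the page does not list them.

```python
import math
import struct

MASK = 0xFFFFFFFF
# Table T from the text: integer part of abs(sin(j + 1)) * 2^32, for j = 0..63
T = [int(abs(math.sin(j + 1)) * 2**32) & MASK for j in range(64)]
# Left-rotation amount for each operation (from RFC 1321; not listed on the page)
ROT = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4

def P(l, m, n): return (l & m) | (~l & n)        # F
def Q(l, m, n): return (l & n) | (m & ~n)        # G
def R(l, m, n): return l ^ m ^ n                 # H
def S(l, m, n): return m ^ (l | (~n & MASK))     # I

def rotl(x, c):
    return ((x << c) | (x >> (32 - c))) & MASK

def pad(msg):
    """Append 0x80, zero bytes up to 448 mod 512 bits, then the 64-bit input length."""
    bit_len = (8 * len(msg)) & 0xFFFFFFFFFFFFFFFF
    return msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack("<Q", bit_len)

def md5(msg):
    # Buffer words A..D: the bytes 01 23 45 67 ... 32 10 read as little-endian words
    state = list(struct.unpack("<4I", bytes.fromhex("0123456789abcdeffedcba9876543210")))
    data = pad(msg)
    for off in range(0, len(data), 64):                     # one 512-bit block at a time
        words = struct.unpack("<16I", data[off:off + 64])   # A0..A15 in the text
        a, b, c, d = state
        for j in range(64):                                 # 4 rounds x 16 operations
            if j < 16:   f, k = P(b, c, d), j
            elif j < 32: f, k = Q(b, c, d), (5 * j + 1) % 16
            elif j < 48: f, k = R(b, c, d), (3 * j + 5) % 16
            else:        f, k = S(b, c, d), (7 * j) % 16
            f = (f + a + T[j] + words[k]) & MASK
            a, d, c, b = d, c, b, (b + rotl(f, ROT[j])) & MASK
        state = [(s + v) & MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state).hex()
```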
Fig 4: Message Digest Key Authentication Sending and Receiver Router C3645.
IV. GNS3 WITH CLOUD IMPLEMENTATION BY PROPOSED ALGORITHM AND EXPERIMENT
This research and analysis work considers requests from the outside network to the internal network, from connection to destination system, in the presence of flood attackers. Before starting the implementation of Cloud with GNS3 authentication by using the md5 cryptography algorithm, the following are required: the latest open source version of GNS3 [8], a browser, the router, and a Loopback Network Adapter with an IP address assigned, with the virtual cloud configured with nodes in NIO Ethernet. In ISO, Cisco C3745 dynamics GT96100-FE router images are downloaded from the GNS3 open source website. The router is configured with Ethernet, Fast Ethernet and Serial. Each router has a unique idle number [4]. In GNS3 with the cloud, each router has Telnet 127.0.0.1: port numbers 5000, 5001, 5003 and so on, and python version 3.6.3 is configured internally.
Fig 5: Configure Cloud with Network as a Service.
After completing the configuration, check whether the cloud is connected, then use PuTTY to open the router that connects to the cloud.
R1# ping 8.8.8.8 repeat 20
Sending 5, 100-byte echo to 8.8.8.8 time out to reach 2 seconds.
! , ! ! ! , ! ! ! ! ! ! ! ! , ! ! ! , !
Fig 6: Cloud connection by Putty with Router.
4.1 Steps for Router Configuration:
Step 1: Open all routers using PuTTY.
Step 2: Enable router configuration.
Step 3: Enter the configuration terminal in the router.
Step 4: Configure the interface by using any one of Ethernet, Fast Ethernet, Serial and ATM.
Step 5: Set the IP address and subnet mask.
Step 6: Save all the configuration.
Apply the above configuration steps to all the routers, then ping each individual IP address and calculate the individual min/avg/max.
Fig 7: Connecting all Routers with IP address Success Rate.
4.2 Proposed Algorithm Implementation for OSPF Authentication-Key with Message Digest Algorithm Cloud:
Algorithm: the prerequisites are VPCS = VP {VP1, VP2, … VPn}, Routers R := {series C3745 routers, r1, r2, r3 … rn} and Cloud C := {Cloud-1, Cloud-2 … Cloud-n}. The steps, from 1 to 13, are below.
1. Routing = {OSPF}, O = {Non-Securing and MD5 Securing}.
2. Set D = Routing x O where
3. Loop {for all d belongs to D}:
4. Loop {r m belongs to R, where i belongs to {1,2,3,…m}
5. Set up and config d on ri
6. Start server with IPx port,
7. Loop {for all VPCSj = VP, where j = 1,2,…n}
8. Establish connection to Cloud at IPx port.
9. Set up all R x Routing {r1, r2 … rn with OSPF}
10. Set up D with Router
11. Loop {r m belongs to R, where i belongs to {1,2,3,…m} and inner dm belongs to D is {OSPF x O}
Fig 8: Message Digest Authentication enables in Router 4:
Fig 9: Message Digest Authentication enables router R2.
Fig 10: Authenticate for IP address OSPF packets.
Figure 10 above shows the secure packet communication from source IP (192.168.0.1) to destination IP (192.168.0.2). Here the source router is Hari and the destination router is Krishna.
The Hari router received rid: 192.168.0.2 aut : 2 keyid:1 seq : 0x3C7ECC80 from FastEthernet0/0.
The Krishna router received rid: 192.168.0.2 aut : 2 keyid:1 seq : 0x3C7EC77 from FastEthernet0/0.
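The fields in the router output above (aut 2, keyid, seq) are what a receiving router checks before accepting an OSPF packet. The sketch below is an added example, not the authors' code or Cisco's: it follows the header layout and keyed-MD5 trailer of RFC 2328 Appendix D, uses Python's hashlib, and assumes a constructed key that is zero-padded to 16 bytes.

```python
import hashlib
import hmac
import socket
import struct

HDR = "!BBH4s4sHHHBBI"   # 24-byte OSPFv2 header with the AuType 2 authentication field
AUTYPE_CRYPTO = 2        # "aut : 2" in the router output above

def _digest(pkt, key):
    # Keyed MD5 per RFC 2328 Appendix D: MD5(packet || 16-byte key).
    # Assumption: keys shorter than 16 bytes are zero-padded.
    return hashlib.md5(pkt + key[:16].ljust(16, b"\0")).digest()

def build_packet(router_id, key_id, seq, key, body=b"", ptype=1, area="0.0.0.0"):
    length = 24 + len(body)                      # the trailing digest is not counted
    pkt = struct.pack(HDR, 2, ptype, length, socket.inet_aton(router_id),
                      socket.inet_aton(area), 0,  # checksum is unused with AuType 2
                      AUTYPE_CRYPTO, 0, key_id, 16, seq) + body
    return pkt + _digest(pkt, key)

def verify_packet(raw, keys, last_seq):
    """keys: key_id -> secret; last_seq: router id bytes -> last accepted seq."""
    if len(raw) < 24:
        return "drop: short packet"
    _, _, length, rid, _, _, autype, _, key_id, alen, seq = struct.unpack(HDR, raw[:24])
    if autype != AUTYPE_CRYPTO or alen != 16:
        return "drop: not MD5 authenticated"
    if key_id not in keys or length < 24 or len(raw) < length + 16:
        return "drop: unknown key id or truncated packet"
    if seq < last_seq.get(rid, 0):               # replay protection
        return "drop: old sequence number"
    expected = _digest(raw[:length], keys[key_id])
    if not hmac.compare_digest(raw[length:length + 16], expected):
        return "drop: digest mismatch"
    last_seq[rid] = seq                          # advance only after the digest checks out
    return "accept"

def demo():
    keys, state = {1: b"constructed-key"}, {}    # constructed secret, not from the page
    good = build_packet("192.168.0.2", 1, 0x3C7ECC80, keys[1], body=b"hello-body")
    tampered = good[:30] + bytes([good[30] ^ 1]) + good[31:]
    older = build_packet("192.168.0.2", 1, 0x3C7ECC7F, keys[1])
    wrong_key = build_packet("192.168.0.2", 1, 0x3C7ECC81, b"wrong-key")
    return [verify_packet(p, keys, state) for p in (tampered, good, older, wrong_key)]
```

The digest here is MD5 over the packet followed by the key, a keyed suffix construction rather than HMAC; RFC 5709 specifies HMAC-SHA authentication for OSPFv2.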
Fig 11: Clock offset, root delay, root dispersion and peer dispersion without authentication.
Figure 11 above shows that, in the designed authentication as a service model, the packets transmitted by
Fig 12: Clock offset, root delay, root dispersion and peer dispersion with Authentication.
Figure 12 above shows that, in the designed authentication as a service model, the packets transmitted by using the OSPF routing protocol reached the destination by using the authentication algorithm. R2 receives packets from 10.0.0.1 to 10.0.0.2 on FastEthernet0/0, and the Network Time Protocol is used to analyze the clock offset, root delay, root dispersion and peer dispersion of the calculated time.
Table 1 below lists the values calculated by using NTP in OSPF routing in the Cloud.
Time                    Clock offset  Root delay  Root dispersion  Peer dispersion
without authentication  12.94         19.96       24.31            11.34
with authentication     8.844         15.69       15.98            7.11
Table 1: The result offset, root delay, root dispersion, peer dispersion
Graph 1: Graph for with authentication and without authentication
The above graph shows that, without authentication, the root delay, time offset, root dispersion and peer dispersion increase. By using the proposed implementation of the cryptography algorithm, the root delay, root dispersion and peer dispersion ratio are reduced.
V. CONCLUSION
the OSPF protocol the service model of the Network as a Cloud. If any path is chosen from the model, then MD5 hides the packets and authenticates them. The designed model uses Cisco C3745 routers with Serial and Fast-Ethernet interfaces, connected through a PuTTY terminal. Testing compared time delay, root dispersion and peer dispersion, and MD-5 gives the best performance in the analysis. GNS-3 is a graphical network simulator, which facilitates running simulations on user-designed models.
REFERENCES
[1] X. Wang and S. Zhang, Research about optimization of campus network security system, Procedia Eng., vol. 15, pp. 1802–1806, 2011.
[2] B. Harikrishna, S. Kiran, G. Murali and R. Pradeep Kumar Reddy, Security Issues In Service Model Of Cloud Computing Environment, Procedia Computer Science 87 (2016) 246–251, Science Direct.
[3] Cataldo Basile, Antonio Lioy, Analysis of Application Layer Filtering Policies With Application to HTTP, IEEE/ ACM Transactions on Networking, 1063-6692, 2013 IEEE.
[4] Free CCNA Tutorials. Study CCNA For Free!. Study-ccna.com. N.p., 2017. Web. 21 Mar. 2017.
[5] Cite A Website - Cite This For Me. Networkstraining.com. N.p., 2017. Web. 21 Mar. 2017.
[6] B.Harikrishna, N.Anusha, K.Manideep, Madhusudhanarao, Ch, Quarantine Stabilizing Multi-Keyword Rated Discover with Unfamiliar ID Transferover Encrypted Cloud Warning IJERCSE Vol 2, Issue 2, February 2015.
[7] Zili Shao, Chun Xue, Qingfeng Zhuge, Meikang Qiu, Bin Xiao, Edwin H.-M Sha, "Security Protection and Checking for Embedded System Integration against Buffer Overflow attacks via Hardware/Software", IEEE Transactions on Computers, Vol. 55, No. 4, April 2006.
[8] Source: https://docs.gns3.com/.
B. Harikrishna, Efficient Resource Allocation using Fair Scheduling in Cloud Based Systems, RITS ICA EM 2012.
[9] Chandra Wijaya 2011 IEEE 355-360.
[10] B. Harikrishna, S. Kiran, R. Pradeep Kumar Reddy, Protection on sensitive information in cloud Cryptography algorithms, IEEE digital Library 10.1109/CESYS.2016.7889894.
[11] Source: Computer weekly.com
[12] Jason C. Neumann The book of GNS3 Device Nodes, Live Switches, and the Internet 2015.
[13] Khalid Abu Al-Saud, Hatim Tahir, Moutaz Saleh and Mohammed Saleh 2010 IAJIT 380- 387.
[14] Check point FireWall-1, version 3.0 White paper, June 1997, http://www.checkpoint.com/products/whitepapers/wp 30.pdf.
[15] Wallace, Kevin. CCNP Routing And Switching ROUTE 300-101 Official Cert Guide. 1st ed. Indianapolis, IN: Pearson Education, 2015.
[16] Hon Sun Chiu, Kwan L. Yeung, and King-Shan Lui, J-CAR: An Efficient Joint Channel Assignment and Routing Protocol for IEEE 802.11-Based Multi-Channel Multi-Interface Mobile Ad Hoc Networks, 1706 IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS, VOL. 8 (4), APRIL 2009.
[17] Anja Feldmann, Jennifer Rexford, and Ramon Caceres, "Efficient Policies for Carrying Web Traffic Over Flow-Switched Networks", IEEE/ACM Transactions on Networking, vol. 6, no. 6, December 1998.
[18] Q. Zhao, Y. Mou, and S.H. Qin, "The design of Security authentication system based on campus Network," Proc. – Int. Conf. Electr. Control Eng. ICECE 2010, pp. 3070-3073, 2010.